|Publication number||US9003548 B2|
|Publication type||Grant|
|Application number||US 10/823,042|
|Publication date||Apr. 7, 2015|
|Filing date||Apr. 13, 2004|
|Priority date||Apr. 13, 2004|
|Also published as||US9509667, US20050229258, US20150244688, US20170208044|
|Publication number||10823042, 823042, US 9003548 B2, US 9003548B2, US-B2-9003548, US9003548 B2, US9003548B2|
|Original assignee||Nl Systems, Llc|
The present invention relates generally to securing documents and, more particularly, to a method and system for document rights management, file encryption, digital signing of email and documents, and secure deletion of documents.
Currently, a number of software-only, hardware-only and software-hardware combination security related products are on the market. They are meant to protect data in electronic documents from unauthorized modification, and to prevent data theft during document transmission over electronic channels. All these tools protect data from outsiders who try to gain unauthorized access to sensitive data, and not from companies' employees. In the meantime, there is a need to prevent both intentional and accidental data leaks from employees' desktops. The most important question is how to protect data from exploitation by authorized users. Protection from intentional and accidental data leaks means most for companies, where such information is of great value, and its leakage can lead to financial losses, as well as credibility losses.
Therefore, what is needed is a system and method that provides secure and efficient document rights management.
The present disclosure provides a system and method that provides secure and efficient document rights management.
Therefore, in accordance with the previous summary, objects, features and advantages of the present disclosure will become apparent to one skilled in the art from the subsequent description and the appended claims taken in conjunction with the accompanying drawings.
The present disclosure can be described by the embodiments given below. It is understood, however, that the embodiments below are not necessarily limitations to the present disclosure, but are used to describe a typical implementation of the invention.
Definitions, Acronyms, and Abbreviations
Author is a person who creates, modifies, and distributes a document, and is responsible for defining usage rights for each of the document's recipients.
Recipient is a person who makes use of the information given in the document created by Author, to the extent limited by the rights set by Author.
COTS—Commercial off the Shelf
RUP—Rational Unified Process.
DOD—Department of Defense.
DRM—Digital Rights Management.
IIS—Internet Information Services.
The invention allows for secure communication and document exchange between single users and personnel of small companies with undeveloped document workflows. There are two types of users described in the preferred embodiment—Document Authors and Document Recipients.
Author has the following use cases:
Recipient has the following use cases:
Upon request users may be supplied with a library (Module) to digitally sign web forms, and to verify digitally signed web forms. Shipping will be presumably done in two distinct versions, the server and the workstation client.
The users of both the Essential Security Suite Product and the Essential Security Reader will have the ability to contact Essential Security Software to revoke their Digital Certificate.
Users can Revoke their Certificate if:
a) Certificate expires
b) Certificate is tampered with
c) User wishes to change certificate
The system provides for secure document exchange between single users. A feature that makes the system stand out when compared to competing COTS software is digital rights management. The freedom of Recipient's actions with a protected document may be limited in any way the Author wants. Furthermore, an additional layer of document protection from unauthorized distribution (e.g. by copying, taking a print screen, printing, or email forwarding) is included in the system. This additional layer binds a document to the Recipient's computer via a passport making it impossible to view or copy information on any other media or computer. (See
A graphic representation of the protected document is sent to the recipient, instead of the documents proper. This approach is used if the recipient does not have rights to edit the document, or copy any of its contents into the clipboard. The system uses an image viewing software (Essential Security Reader) (See
There are at least two versions of the software: a commercial version, used by the Author; and a limited version called Essential Security Reader, used by the Recipient.
The Essential Security Suite includes the following functionality:
The Essential Security Reader will have the following functionality:
The minimum system requirements for running Essential Security Suite:
The algorithm used for document encryption is RC4—a symmetric encryption stream algorithm included in the MS Windows CryptoAPI.
Any standard document may be selected from the main window of the commercial version of the software by a plug-in to the parent application, or by an Explorer plug-in for already created documents.
To initiate the document selection function from the main window or from the plug-in to the parent application, the user selects the File→Open menu.
To initiate the function from Explorer (as a plug-in), the user selects a file or a folder, and then selects Restrict Rights from the right-click context menu.
In either case, the user is presented with the Document Recipients window upon function initiation.
Create Document Recipients List
This function is initiated after the Document Recipients window becomes active. This function displays two lists: locally registered certificates—names of their owners constitute the list of potential document recipients; and selected document recipients. When a recipient is selected from the first list, he/she is then added to the list of actual recipients and removed from the potential recipients list.
In addition, a <<Delete>> mode for removing recipients from the list is included in the system. The mode is activated by clicking <<Delete>>, or by selecting the recipient's entry in the list, right-clicking it, and choosing <<Delete>> from the drop-down menu.
The user can also select groups of recipients in the conventional way, by holding Control and clicking on user names. Selected entries are highlighted by a different color.
For every chosen recipient or chosen group, limitations can be set for allowed document actions. This mode is called by selecting Restrict Document on the menu or by choosing Restrict Document from the username right-click context menu. However, the system does not query for recipient rights to files that are not documents or cannot be presented as an image corresponding to the document's printable image (AVI, MP3, etc.). Files that are not documents or cannot be presented as an image can be encrypted and signed with full rights assigned. The selection of other usage rights is disabled.
Set Document Usage Rights
This function begins by activating the Usage Rights window. The user may choose from the following options: (See
The Recipient by default has viewing rights, as those are the minimal privileges.
The rights are split into two alternative groups: one for full rights; and a second for a subset of full rights. An example of the window is illustrated in
After defining the rights of the recipients, they are grouped in two lists: a list of recipients with Full Rights; and a list of recipients with Forwarding rights, Printing rights, Print Screen rights, and/or Date Restrictions. For Full Rights, additional processing is not performed before encryption. For the other rights, a graphic image to indicate the system is processing is displayed.
When the recipient opens the encrypted and signed email or document the certificate is displayed verifying the signature. (See
For e-mail letters created in MS Outlook or MS Outlook Express, recipient rights do not have to be defined. If rights are not defined, then all recipients are considered to have full rights and the letter is not encrypted. In this embodiment, attachments to e-mail letters in Outlook are not modified, unless the user directs otherwise. If the user wants to restrict rights on the attachment, the user must first process it as a usual restricted file and then attach to the e-mail letter.
For an e-mail with restricted rights, the letter body is extracted and placed into a text file named EMailBody.txt; a standard phrase <<The letter body has been encrypted and placed in the attached file EMailBody.txt>> is then inserted. Processing of the EMailBody.txt file is the same as for the other restricted files.
Automated Document-to-Image Conversion
This function includes creating a page-by-page BMP image of the document corresponding to the printed output image of the document from the parent program (i.e. the program with which the document was initially created). The conversion is similar to printing the document to a BMP file or a printer, and displays the progress. In this embodiment, this function is called only when a selected file has a parent program installed.
If the document does not contain the printer's page properties, defaults are used. However, an option is to have the user specify those as well (page size, margin width, portrait/landscape, etc.).
Default page properties are: Letter sized paper; top, bottom and left margins are 1 inch wide, right margin is 0.5 inch wide; color settings—black and white; and resolution of 300 DPI.
The user can specify at least the following values: Page size; Document color (black-and-white, grayscale, full color); and Resolution in DPI.
When BMP images are being generated, a progress bar along with default page properties are shown.
Digitally Sign and Encrypt a File or Folder
Signing and encrypting is initiated by the user and can be executed by the following document access options:
After the user initiates the sign and encrypt function, a window is displayed containing a list of registered certificates of the document's author. The user can select the necessary certificate for signing the document or cancel the operation. Signing is performed by calling corresponding MS Windows Crypto API functions. A Progress Bar is displayed as the encryption proceeds.
For graphical images of documents every page is signed separately. The system also provides different options for the user to customize the encryption techniques and keys. Encrypted document bodies are placed in a crypto container. Folders that are encrypted and signed are first zipped, then encrypted and signed in the usual way.
Furthermore, every recipient has a symmetric session key used for encrypting the document body and the set of the given user's rights. This information is encrypted using the given recipient's public key. The information is then encrypted again using a unique symmetric key formed from the computer's passport. The data stream received after the second encryption is then placed into a crypto container. The crypto container is then ready for delivery by any means.
Generate the Document Recipient's Passport
This function is activated as a stand-alone application or as a plug-in for Explorer. When the function is called, the software gathers at least the following information about the user's computer: BIOS version number; Video card BIOS creation date; and Primary HDD serial number. (See
The gathered data is combined into a data flow that is signed by the recipient's digital signature; then the recipient's certificate is added to it to form the final entity that is called Document Recipient's Passport, and saved as a binary file. (See
The system also allows the Recipient to possess several certificates issued by different certification authorities, by displaying the list of personal certificates and allowing the user to choose the appropriate one. The passport is then passed to the document's author for later use. The user will be given the option to designate a default certificate.
Decrypt Document on Open, Verify Digital Signature and Document Integrity
Depending on the file type and its method of processing, this function can be activated in the following ways:
The decryption process is the reverse of the creation of a forwarding-ready crypto container. The decryption begins by forming the recipient computer's passport from the following information: BIOS version number; Video card BIOS creation date; and Primary HDD serial number.
From the passport, a symmetric key is built and an attempt to decrypt one of the sets attached to the document is carried out (every set contains the encrypted symmetric session key used for encrypting the document body and the given user's set of rights.)
If the processing fails to yield a decrypted set of a symmetric session key and recipient rights, the message <<The document may not be decrypted on this computer>> is displayed, after which the program terminates.
If the processing produces a decrypted set of a symmetric session key and recipient rights, this data is then placed in a closed area of the Decrypt class and may not be copied to external media under any circumstances.
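The machine-binding layer described above (a symmetric key built from the computer's passport, used to wrap each recipient's session key and rights, and the failure path on a different computer) can be sketched as follows. This is an added example, not code from the patent or the product: the public-key layer is left out, RC4 is implemented only because the text names it, and the length-prefixed hashing, the per-wrap nonce, the HMAC tag, the rights bitmask and all hardware values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical rights bitmask; the patent names the rights but not an encoding.
FORWARD, PRINT, PRINT_SCREEN = 0x01, 0x02, 0x04

NONCE_LEN, TAG_LEN = 16, 32


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (the cipher the text names). It is deprecated today and,
    like any stream cipher, gives no integrity protection on its own."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def passport_key(bios_version: str, video_bios_date: str, hdd_serial: str) -> bytes:
    """Derive the machine-bound key from the three passport fields.
    Each field is length-prefixed so ("AB", "C") and ("A", "BC") cannot collide."""
    h = hashlib.sha256()
    for field in (bios_version, video_bios_date, hdd_serial):
        raw = field.encode("utf-8")
        h.update(struct.pack(">I", len(raw)) + raw)
    return h.digest()


def _subkeys(master: bytes, nonce: bytes):
    # A fresh nonce per wrap avoids reusing one RC4 keystream across documents.
    enc = hmac.new(master, b"enc" + nonce, hashlib.sha256).digest()
    mac = hmac.new(master, b"mac" + nonce, hashlib.sha256).digest()
    return enc, mac


def wrap_set(master: bytes, session_key: bytes, rights: int) -> bytes:
    """Encrypt one recipient set (session key + rights byte) under the passport key."""
    nonce = os.urandom(NONCE_LEN)
    enc, mac = _subkeys(master, nonce)
    body = rc4(enc, session_key + bytes([rights]))
    tag = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_set(master: bytes, blob: bytes):
    """Return (session_key, rights), or None if this passport key does not fit.
    Without the tag, a wrong key would silently produce garbage key material."""
    if len(blob) < NONCE_LEN + 1 + TAG_LEN:
        return None
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc, mac = _subkeys(master, nonce)
    expected = hmac.new(mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plain = rc4(enc, body)
    return plain[:-1], plain[-1]


def open_container(master: bytes, recipient_sets):
    """Try every set attached to the document, as the decryption step describes."""
    for blob in recipient_sets:
        result = unwrap_set(master, blob)
        if result is not None:
            return result
    raise PermissionError("The document may not be decrypted on this computer")


if __name__ == "__main__":
    # Constructed sample hardware values, not taken from any real machine.
    author_view = passport_key("A1.07", "2003-11-02", "WD-CONSTRUCTED-0001")
    other_pc = passport_key("A1.07", "2003-11-02", "WD-CONSTRUCTED-0002")
    blob = wrap_set(author_view, os.urandom(16), PRINT | FORWARD)
    print("same machine :", open_container(author_view, [blob])[1])
    try:
        open_container(other_pc, [blob])
    except PermissionError as exc:
        print("other machine:", exc)
```

The binding is only as strong as the passport inputs: all three identifiers are readable by any local process and change on hardware replacement, so the key identifies a machine configuration rather than protecting a secret.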
The system then starts to verify the document author's signature and document integrity. Using the decrypted session key and the Crypto API, the system verifies the integrity and the digital signature of the first page of the document (or of the entire document, if the rights did not include creating graphical images).
If the signature does not pass the verification, the <<File is signed by unknown person>> message is displayed.
If hashing indicated file integrity violation, the <<File corrupted in transfer>> message is displayed.
If signature verification or hashing terminates with an error message, further processing of the file is stopped. However, if signature verification or hashing is successful, the <<Verification successful>> message and the information on the person who signed the document is displayed.
An example of a window displaying the certificate data of the signing person is illustrated in (See
Further actions of the recipient are limited by the function Restrict recipient's actions in accordance with defined rights as defined below.
Restrict Recipient's Actions in Accordance With Defined Rights
This function is called automatically after normal termination of decrypting the symmetric session key used for encrypting the document body and the set of the given user's rights. Depending on the user rights he/she is allowed to either save the document on an external media (HDD, CD, etc . . . ), or open it for viewing and printing.
The <<full rights>> option enables the user to save the document to external media by automatically decrypting the file. If the document is an encrypted folder, it is decrypted and then unzipped to a path specified by the user. Normally decrypted files are also saved to a path specified by the user.
At this point, the system allows the user to call up the necessary program for editing, copying, printing any number of copies, or listening to and viewing the decrypted document.
Document's Graphical Representation Viewing Rights
The options of Forwarding rights, Printing rights, Print Screen rights, Limit document usage dates are controlled by the function Document graphical representation viewing rights. This function is called automatically for documents with limited user rights. The interface of the function is unified with the Essential Security Reader program. The Essential Security Suite includes the Essential Security Reader. This allows both the Author and the recipient to view documents and emails that have been given usage rights.
This function first calculates how many pages will fit in the navigation part of the screen and decrypts only that amount of pages from the document's graphical representation. The navigation previews and a full-sized first page (further called the current page) are then displayed.
Changing the current page is controlled by selecting a new page in the navigation area by the mouse cursor and double-clicking it. In addition, pressing the <<PageUP>> and <<PageDown>> initiates decryption of the previous or next batch of navigation pages.
If rights allow, the user must be able to print any part of the document. If document usage dates are limited, the following is checked:
Documents are purged securely and permanently (see Guaranteed file purging detailed below for more details).
Web Form Authoring and Verification With Digital Signatures System
The system is intended for authorization of data entered by a user into a web form within some web application and guarantees their protection from any possible tampering. The authorization here means that the data was entered exactly by the same system user who owns the certificate.
This function is called as a plug-in for Internet Explorer version 6.0 and above. This function is initiated when the user is viewing a Web-form and selects Check Sign from the menu. All the values entered are regarded as a data flow that must be subjected to a standard signature verification procedure using the Crypto API functions. The digital signature is treated as an extra service field and added to the previously entered data. The signature is also used by the recipient's side to verify the data integrity. The user can also view the personal information of the person who signed the Web-form.
The function consists of the two following components:
The notary service is implemented as a SOAP Web Service and performs the following commands:
The system makes keys and manages certificates for end users. This function includes:
This function provides secure corporate document storage. It includes the following functionality:
This function provides support for automated document coordination and approval process. It includes the following functionality:
This function monitors all user actions when working with documents. It includes the following functionality:
Guaranteed file purging corresponds to the DoD 5220.22-M standard requirements specification in this embodiment. This function deletes files bypassing the system Recycle Bin procedure. The deleted data is impractical to restore, either partially or wholly.
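A minimal sketch of such a purge routine, added here as an illustration and not taken from the patent or the product: it uses the three-pass overwrite commonly associated with DoD 5220.22-M (a fixed value, its complement, then random data, each pass read back and checked), then renames and unlinks the file directly so it never passes through a recycle bin. The function names and chunk size are assumptions.

```python
import hashlib
import os
import secrets

CHUNK = 64 * 1024  # assumed I/O block size


def _overwrite(fd: int, size: int, fill) -> bytes:
    """Overwrite the first `size` bytes; fill=None writes random data.
    Returns the SHA-256 of exactly what was written, for the read-back check."""
    os.lseek(fd, 0, os.SEEK_SET)
    digest = hashlib.sha256()
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if fill is None else bytes([fill]) * n
        written = 0
        while written < n:  # os.write may write fewer bytes than requested
            written += os.write(fd, block[written:])
        digest.update(block)
        remaining -= n
    os.fsync(fd)  # push the pass out of the OS cache before starting the next
    return digest.digest()


def _read_digest(fd: int, size: int) -> bytes:
    """Hash the current file contents so a pass can be compared to what was written."""
    os.lseek(fd, 0, os.SEEK_SET)
    digest = hashlib.sha256()
    remaining = size
    while remaining:
        block = os.read(fd, min(CHUNK, remaining))
        if not block:
            break
        digest.update(block)
        remaining -= len(block)
    return digest.digest()


def purge_file(path: str) -> int:
    """Overwrite, verify, rename and delete `path`; returns the bytes overwritten per pass.

    Limits: the read-back may be served from the page cache, and in-place
    overwrites do not reach old blocks on SSDs with wear levelling, on
    copy-on-write or journaling filesystems, or in snapshots and backups.
    """
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        for fill in (0x00, 0xFF, None):  # value, complement, random
            expected = _overwrite(fd, size, fill)
            if _read_digest(fd, size) != expected:
                raise OSError("overwrite verification failed")
    finally:
        os.close(fd)
    # Rename first so the original file name does not linger in the directory entry.
    anonymous = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)  # direct unlink, no recycle bin involved
    return size
```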
Both versions of the system perform information encryption/decryption and digital signature forming/checking. The kernel-implemented operation set defines the system cryptographic functionality.
The cryptographic kernel includes two kinds of operations: Basic Stream Operations and file level wrappers.
Basic Stream Operations
Basic stream operations include cryptographic operations on abstract data streams without binding them to their storage and allocation options. The operations include:
Digital signatures are additional information attached to the protected data. They are derived from the contents of the document being signed and are formed with a secret key. Digital signatures are characterized by the following:
These operations manipulate cryptographic objects at the file level. File-level wrappers are based on the crypto container concept. All cryptographic objects, associated with a single original file, are encapsulated into a single file of compound structure (cryptocontainer). These objects include:
A cryptocontainer is stored in the same folder as the original file. Its name is modified by attaching an additional extension, which prevents incorrect file processing on systems where the product is not installed.
The following functionality is also included in the commercial version:
The above functionality adds the following operations:
The transparency subsystem extends the system functionality. It provides a way to process encrypted and signed files without any additional user actions. When someone tries to access a file, the subsystem reproduces the file's original state in a separate buffer space, grants the user access to the file located in this space, and later purges the buffer space, writing all changes made there back into the actual file. Actions taken by this subsystem do not change the file's cryptographic state (except for purging all digital signatures if the file was modified).
Thus, from the point of view of this subsystem, there are three file categories:
To support the transparent file processing logic, simultaneous existence of the original file and corresponding cryptocontainer is considered a conflict, which should be resolved by the user's choice of which of the files should be considered the actual file. From the point of view of most applications, cryptocontainers are hidden, while virtual files are indistinguishable from original files.
In this embodiment, all standard applications which require transparent file access have their entries in the system registry. For these applications, opening an encrypted and signed file will always mean verifying its integrity, signatures and then decryption; likewise, when the file is closed, it is encrypted and all present signatures are voided if the file has been modified. For applications with no associated extensions, transparent access to encrypted files is not provided.
The system includes the following transparency functions:
To further clarify the invention, the following describes it in more detail through the figures.
It is understood that several modifications, changes and substitutions are intended in the foregoing disclosure and in some instances some features of the invention will be employed without a corresponding use of other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the invention.
|Brevet cité||Date de dépôt||Date de publication||Déposant||Titre|
|US4027243||12 mai 1975||31 mai 1977||General Electric Company||Message generator for a controlled radio transmitter and receiver|
|US4393269||29 janv. 1981||12 juil. 1983||International Business Machines Corporation||Method and apparatus incorporating a one-way sequence for transaction and identity verification|
|US4477809||18 juin 1982||16 oct. 1984||General Electric Company||Method for random-access radio-frequency data communications|
|US4484355||11 avr. 1983||20 nov. 1984||Ritron, Inc.||Handheld transceiver with frequency synthesizer and sub-audible tone squelch system|
|US4530051||10 sept. 1982||16 juil. 1985||At&T Bell Laboratories||Program process execution in a distributed multiprocessor system|
|US4545071||11 sept. 1984||1 oct. 1985||Motorola, Inc.||Portable radio for a zoned data communications system communicating message signals between portable radios and a host computer|
|US4707592||7 oct. 1985||17 nov. 1987||Ware Paul N||Personal universal identity card system for failsafe interactive financial transactions|
|US4709136||3 juin 1986||24 nov. 1987||Toppan Moore Company, Ltd.||IC card reader/writer apparatus|
|US4799156||1 oct. 1986||17 janv. 1989||Strategic Processing Corporation||Interactive market management system|
|US4947028||19 juil. 1988||7 août 1990||Arbor International, Inc.||Automated order and payment system|
|US4955049||8 sept. 1989||4 sept. 1990||Telefonaktiebolaget L M Ericsson||Method of supervising mobile telephone subscriptions in a mobile telephone system|
|US5020093||20 déc. 1989||28 mai 1991||Motorola, Inc.||Cellular telephone operable on different cellular telephone systems|
|US5053606||6 juin 1988||1 oct. 1991||Omron Tateisi Electronics Co.||Credit authorization terminal with circuitry to service plural customers in parallel|
|US5099420||10 janv. 1989||24 mars 1992||Bull Hn Information Systems Inc.||Method and apparatus for limiting the utilization of an asynchronous bus with distributed controlled access|
|US5220564||24 déc. 1990||15 juin 1993||Ncr Corporation||Transmission control for a wireless local area network station|
|US5283639||10 sept. 1991||1 févr. 1994||Esch Arthur G||Multiple media delivery network method and apparatus|
|US5412416||7 août 1992||2 mai 1995||Nbl Communications, Inc.||Video media distribution network apparatus and method|
|US5426427||4 avr. 1991||20 juin 1995||Compuserve Incorporated||Data transmission routing system|
|US5475819||17 juin 1994||12 déc. 1995||Digital Equipment Corporation||Distributed configuration profile for computing system|
|US5483596||24 janv. 1994||9 janv. 1996||Paralon Technologies, Inc.||Apparatus and method for controlling access to and interconnection of computer system resources|
|US5600364||2 déc. 1993||4 févr. 1997||Discovery Communications, Inc.||Network controller for cable television delivery systems|
|US5604542||8 févr. 1995||18 févr. 1997||Intel Corporation||Using the vertical blanking interval for transporting electronic coupons|
|US5638513||7 juin 1995||10 juin 1997||Ananda; Mohan||Secure software rental system using continuous asynchronous password verification|
|US5655077||13 déc. 1994||5 août 1997||Microsoft Corporation||Method and system for authenticating access to heterogeneous computing services|
|US5675507||28 avr. 1995||7 oct. 1997||Bobo, Ii; Charles R.||Message storage and delivery system|
|US5684950||23 sept. 1996||4 nov. 1997||Lockheed Martin Corporation||Method and system for authenticating users to multiple computer servers via a single sign-on|
|US5689638||13 déc. 1994||18 nov. 1997||Microsoft Corporation||Method for providing access to independent network resources by establishing connection using an application programming interface function call without prompting the user for authentication data|
|US5721780||31 mai 1995||24 févr. 1998||Lucent Technologies, Inc.||User-transparent security method and apparatus for authenticating user terminal access to a network|
|US5802304||18 avr. 1996||1 sept. 1998||Microsoft Corporation||Automatic dialer responsive to network programming interface access|
|US5862339||9 juil. 1996||19 janv. 1999||Webtv Networks, Inc.||Client connects to an internet access provider using algorithm downloaded from a central server based upon client's desired criteria after disconnected from the server|
|US5884024||9 déc. 1996||16 mars 1999||Sun Microsystems, Inc.||Secure DHCP server|
|US5889958||20 déc. 1996||30 mars 1999||Livingston Enterprises, Inc.||Network access control system and process|
|US5892900||30 août 1996||6 avr. 1999||Intertrust Technologies Corp.||Systems and methods for secure transaction management and electronic rights protection|
|US5896444||3 juin 1996||20 avr. 1999||Webtv Networks, Inc.||Method and apparatus for managing communications between a client and a server in a network|
|US5898780||9 oct. 1996||27 avr. 1999||Gric Communications, Inc.||Method and apparatus for authorizing remote internet access|
|US5898839||17 mars 1997||27 avr. 1999||Geonet Limited, L.P.||System using signaling channel to transmit internet connection request to internet service provider server for initiating and internet session|
|US5913040||22 août 1995||15 juin 1999||Backweb Ltd.||Method and apparatus for transmitting and displaying information between a remote network and a local computer|
|US5918013||3 juin 1996||29 juin 1999||Webtv Networks, Inc.||Method of transcoding documents in a network environment using a proxy server|
|US5935207||9 avr. 1997||10 août 1999||Webtv Networks, Inc.||Method and apparatus for providing remote site administrators with user hits on mirrored web sites|
|US5940074||22 nov. 1996||17 août 1999||Webtv Networks, Inc.||Remote upgrade of software over a network|
|US5950010||25 nov. 1996||7 sept. 1999||J.D. Edwards World Source Co.||System and method for customized application package building and installation|
|US5974461||21 juil. 1997||26 oct. 1999||Webtv Networks, Inc.||Method for automatically regenerating information at a client system in the event of power or communication disruption between the client system and the server|
|US5983273||16 sept. 1997||9 nov. 1999||Webtv Networks, Inc.||Method and apparatus for providing physical security for a user account and providing access to the user's environment and preferences|
|US6023585||2 mai 1997||8 févr. 2000||Webtv Networks, Inc.||Automatically selecting and downloading device drivers from a server system to a client system that includes one or more devices|
|US6023698||5 déc. 1996||8 févr. 2000||International Business Machines Corporation||System and method for transparently registering and updating information over the internet|
|US6026079||4 déc. 1996||15 févr. 2000||Webtv Networks, Inc.||Modem to support multiple site call conferenced data communications|
|US6061798||19 oct. 1998||9 mai 2000||Network Engineering Software, Inc.||Firewall system for protecting network elements connected to a public network|
|US6070192||24 déc. 1997||30 mai 2000||Nortel Networks Corporation||Control in a data access transport service|
|US6073168||20 janv. 1997||6 juin 2000||Webtv Networks, Inc.||Method for reducing delivery latency of an image or other secondary information associated with a file|
|US6128663||10 févr. 1998||3 oct. 2000||Invention Depot, Inc.||Method and apparatus for customization of information content provided to a requestor over a network using demographic information yet the user remains anonymous to the server|
|US6134590||Dec. 8, 1997||Oct. 17, 2000||Webtv Networks, Inc.||Method and apparatus for automatically connecting devices to a local network|
|US6138119||Apr. 27, 1999||Oct. 24, 2000||Intertrust Technologies Corp.||Techniques for defining, using and manipulating rights management data structures|
|US6141694||Sep. 16, 1997||Oct. 31, 2000||Webtv Networks, Inc.||Determining and verifying user data|
|US6178505||Mar. 4, 1998||Jan. 23, 2001||Internet Dynamics, Inc.||Secure delivery of information in a network|
|US6185685||Dec. 11, 1997||Feb. 6, 2001||International Business Machines Corporation||Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same|
|US6289450 *||May 28, 1999||Sep. 11, 2001||Authentica, Inc.||Information security architecture for encrypting documents for remote access while maintaining access control|
|US6311197||Jun. 10, 1998||Oct. 30, 2001||Webtv Networks, Inc.||Method for downloading a web page to a client for efficient display on a television screen|
|US6571290||Jun. 19, 1998||May 27, 2003||Mymail, Inc.||Method and apparatus for providing fungible intercourse over a network|
|US6721784 *||Dec. 30, 1999||Apr. 13, 2004||Poofaway.Com, Inc.||System and method for enabling the originator of an electronic mail message to preset an expiration time, date, and/or event, and to control and track processing or handling by all recipients|
|US6824051||Jun. 7, 2002||Nov. 30, 2004||Contentguard Holdings, Inc.||Protected content distribution system|
|US6990684||Aug. 30, 2001||Jan. 24, 2006||Sony Corporation||Person authentication system, person authentication method and program providing medium|
|US7143296 *||Mar. 17, 2005||Nov. 28, 2006||Sony Corporation||Transmitting/receiving apparatus and a transmitting/receiving method|
|US7149893||Sep. 7, 1999||Dec. 12, 2006||Poofaway.Com, Inc.||System and method for enabling the originator of an electronic mail message to preset an expiration time, date, and/or event, and to control processing or handling by a recipient|
|US7290285 *||Jul. 2, 2001||Oct. 30, 2007||Zinio Systems, Inc.||Systems and methods for distributing and viewing electronic documents|
|US7310821||Aug. 27, 2001||Dec. 18, 2007||Dphi Acquisitions, Inc.||Host certification method and system|
|US7398556 *||Feb. 17, 2004||Jul. 8, 2008||Koninklijke Philips Electronics N.V.||System and method for managing copyrighted electronic media|
|US7406596 *||Mar. 12, 2001||Jul. 29, 2008||Herbert Street Technologies||Data transfer and management system|
|US7418737 *||Jun. 13, 2001||Aug. 26, 2008||Mcafee, Inc.||Encrypted data file transmission|
|US7472280 *||May 23, 2002||Dec. 30, 2008||Proxense, Llc||Digital rights management|
|US7590861||Aug. 6, 2003||Sep. 15, 2009||Privaris, Inc.||Methods for secure enrollment and backup of personal identity credentials into electronic devices|
|US7870198 *||Aug. 1, 2003||Jan. 11, 2011||Microsoft Corporation||Content rights management for email and documents contents and systems, structures, and methods therefor|
|US8205078 *||Feb. 20, 2009||Jun. 19, 2012||International Business Machines Corporation||Handling files containing confidential or sensitive information|
|US8290160 *||Oct. 17, 2001||Oct. 16, 2012||Appalachian Technologies Corporation of Pennsylvania||Method and apparatus for secured facsimile transmission|
|US8474058 *||Aug. 21, 2003||Jun. 25, 2013||Rovi Solutions Corporation||Method and system for managing a data object so as to comply with predetermined conditions for usage|
|US8838704 *||Aug. 28, 2009||Sep. 16, 2014||Advanced Messaging Technologies, Inc.||System and process for transmitting electronic mail using a conventional facsimile device|
|US20010029581 *||Jan. 15, 2001||Oct. 11, 2001||Knauft Christopher L.||System and method for controlling and enforcing access rights to encrypted media|
|US20020010679||Jul. 5, 2001||Jan. 24, 2002||Felsher David Paul||Information record infrastructure, system and method|
|US20020129275 *||Mar. 8, 2001||Sep. 12, 2002||Decuir Joseph Charles||Methods, systems, computer program products, and data structures for limiting the dissemination of electronic mail|
|US20030037237||Apr. 9, 2001||Feb. 20, 2003||Jean-Paul Abgrall||Systems and methods for computer device authentication|
|US20030044012 *||Aug. 31, 2001||Mar. 6, 2003||Sharp Laboratories Of America, Inc.||System and method for using a profile to encrypt documents in a digital scanner|
|US20030191946||Jun. 12, 2001||Oct. 9, 2003||Auer Anthony R.||System and method controlling access to digital works using a network|
|US20040003139||Jun. 28, 2002||Jan. 1, 2004||Microsoft Corporation||Secure server plug-in architecture for digital rights management systems|
|US20040003269 *||Jun. 28, 2002||Jan. 1, 2004||Microsoft Corporation||Systems and methods for issuing usage licenses for digital content and services|
|US20040148356 *||Oct. 4, 2003||Jul. 29, 2004||Bishop James William||System and method for private messaging|
|US20050060537||Nov. 12, 2003||Mar. 17, 2005||Verdasys, Inc.||Managed distribution of digital assets|
|US20050120212||Mar. 14, 2003||Jun. 2, 2005||Rajesh Kanungo||Systems and method for the transparent management of document rights|
|US20050177873||Feb. 3, 2005||Aug. 11, 2005||Yi-Lin Wu||File access controlling method and file access controlling system for digital rights management|
|US20070050696 *||Aug. 11, 2003||Mar. 1, 2007||Piersol Kurt W||Physical key for accessing a securely stored digital document|
|US20070074270||Sep. 28, 2005||Mar. 29, 2007||Essential Security Software, Inc.||Method and system for digital rights management of documents|
|EP0248403B1||Jun. 2, 1987||Apr. 13, 1994||Hitachi, Ltd.||Distributed interactive processing method in complex system including plural work stations and plural host computers and apparatus using the same|
|EP0384339B1||Feb. 19, 1990||Apr. 2, 1997||Digital Equipment Corporation||Broker for computer network server selection|
|EP0421808B1||Oct. 5, 1990||Dec. 28, 1994||André Peter Mansvelt||Funds transfer system|
|EP0479660B1||Sep. 30, 1991||Oct. 23, 1996||Digital Equipment Corporation||Distributed configuration profile for computing system|
|EP0501967B1||Sep. 19, 1990||May 24, 1995||Camborne Industries Plc||Compacting scrap metal in a tube for recycling|
|EP0506637B1||Mar. 23, 1992||Aug. 1, 2001||Ericsson Inc.||Cellular verification and validation system|
|EP0590861A2||Sep. 22, 1993||Apr. 6, 1994||AT&T Corp.||Secure credit/debit card authorization|
|EP0650307B1||Oct. 10, 1994||Mar. 24, 2004||Kabushiki Kaisha Toshiba||Radio telecommunication apparatus|
|EP0745924A2||May 21, 1996||Dec. 4, 1996||AT&T Corp.||User-transparent security method and apparatus for authenticating user terminal access to a network|
|EP0814589B1||Jun. 16, 1997||Aug. 25, 2004||AT&T Corp.||System and method for automated network reconfiguration|
|GB2190820A||Title not available|
|GB2289598A||Title not available|
|WO1986003926A1||Nov. 1, 1985||Jul. 3, 1986||Motorola, Inc.||Method of communications between register-modelled radio devices|
|WO1993017529A1||Feb. 23, 1993||Sep. 2, 1993||Nokia Telecommunications Oy||Telecommunication system and subscriber authentication method|
|WO1996000485A2||Jun. 14, 1995||Jan. 4, 1996||Telefonaktiebolaget Lm Ericsson||User authentication method and apparatus|
|WO1997007656A2||Aug. 22, 1996||Mar. 6, 1997||Backweb||Method and apparatus for transmitting and displaying information between a remote network and a local computer|
|WO1997009682A1||Aug. 30, 1996||Mar. 13, 1997||Elonex Plc||Service independent electronic document server|
|WO2001097480A2||Jun. 12, 2001||Dec. 20, 2001||Mediashell Corp.||System and method for controlling the access to digital works through a network|
|1||*||"Authentica Unveils Saferoute for Secure Messaging", Press Release, Dec. 2002, Retrieved from the Internet on Sep. 10, 2007: .|
|2||*||"Authentica Unveils Saferoute for Secure Messaging", Press Release, Dec. 2002, Retrieved from the Internet on Sep. 10, 2007: <URL: http://www.authentica.com/news/pr2002/12-16-2002-saferoute.aspx>.|
|3||*||Bott et al, "Microsoft Windows Security Inside Out", Microsoft Press, 2003, pp. 351-362.|
|4||*||Ford et al, "A Key Distribution Method for Object-Based Protection", ACM, 1994, Retrieved from the Internet on Sep. 10, 2007: <URL: http://delivery.acm.org/10.1145/200000/191225/p193-ford.pdf?key1=191225&key2=0109739811&coll=&dl=acm&CFID=15151515&CFTOKEN=6184618>.|
|5||Meehan, Patrick, "U.S. Appl. No. 13/538,637" filed on Jun. 29, 2012.|
|6||*||Microsoft Computer Dictionary, Microsoft Press, 5th Edition, 2002, p. 171.|
|7||Schneider, F. B., "Trust in Cyberspace," Dec. 1998 ISBN-10:0-309-06558-5; ISBN-13:978-0-309-06558-0 [retrieved on Jun. 6, 2007]. Retrieved from the Internet, <URL:http://www.aci/net/kalliste/tic.htm.>, pp. 1-249.|
|Citing patent||Filing date||Publication date||Applicant||Title|
|US20110289423 *||May 2, 2011||Nov. 24, 2011||Samsung Electronics Co., Ltd.||Method and apparatus for controlling objects of a user interface|
|US20160018895 *||Apr. 24, 2015||Jan. 21, 2016||Dennis Sidi||Private messaging application and associated methods|
|US20160112385 *||Aug. 26, 2015||Apr. 21, 2016||Arvato Digital Services Llc||Location-specific or range-based licensing system|
|U.S. Classification||726/27, 726/28, 713/152, 726/26|
|International Classification||G06F21/00, G06F11/30, G06F12/14, G06F21/64, G06F21/62, H04L29/06, H04L9/08, H04L9/00, H04L9/32|
|Cooperative Classification||H04L9/3247, H04L9/083, H04L2209/64, H04L63/0428, H04L63/0823, H04L2209/603, G06F21/64, G06F21/6209, H04L9/3263, H04L2463/101|
|Oct. 18, 2004||AS||Assignment|
Owner name: ESSENTIAL SECURITY SOFTWARE, INC., TEXAS
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PIGIN, VLAD;REEL/FRAME:015257/0082
Effective date: 20040413
|Sep. 20, 2011||AS||Assignment|
Owner name: ECFLP IP, LLC, TEXAS
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ESSENTIAL SECURITY SOFTWARE, INC.;REEL/FRAME:026954/0598
Effective date: 20100815
|Sep. 28, 2011||AS||Assignment|
Owner name: NL SYSTEMS, LLC, TEXAS
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ECFLP IP, LLC;REEL/FRAME:026997/0870
Effective date: 20110922
|Aug. 16, 2012||AS||Assignment|
Owner name: ECFLP IP, LLC, TEXAS
Free format text: CORRECTIVE ASSIGNMENT TO REPLACE SIGNATURE PAGE OF ERIC CHANCELLOR ON PAGE 6 IN ORIGINAL ASSIGNMENT DOCUMENT AT REEL/FRAME 026954/0598;ASSIGNOR:ESSENTIAL SECURITY SOFTWARE, INC.;REEL/FRAME:028787/0845
Effective date: 20100815
|May 4, 2016||AS||Assignment|
Owner name: ENCRYPTICS, LLC, TEXAS
Free format text: CHANGE OF NAME;ASSIGNOR:NL SYSTEMS LLC;REEL/FRAME:038610/0066
Effective date: 20140307